# IP Intelligence Briefing: 104.236.69.29/32
- Briefing Date: 2026-06-16
- Intel Source: IPDebrief Threat Intelligence Platform
- Classification: SOC Actionable Intelligence
---
## Executive Summary
IP address 104.236.69.29 is a DigitalOcean cloud infrastructure endpoint operating as a web server. Current risk assessment indicates Moderate Risk (55/100) with no active threat indicators. The IP resolves to Cloudways hosting infrastructure and exhibits standard web server characteristics. Monitoring is recommended due to elevated risk score, though blocking is not currently justified without corroborating threat signals.
---
## Infrastructure Profile
| Attribute | Value |
|---|---|
| **Risk Score** | 55/100 (Moderate) |
| **ASN** | 14061 (DigitalOcean, LLC) |
| **Organization** | DIGITALOCEAN-104-236-0-0 |
| **CIDR Block** | 104.236.0.0/16 |
| **Geolocation** | US, NJ, Clifton |
| **Infrastructure Type** | CloudCompute (Cloud Provider) |
| **Service Purpose** | Web Server |
---
## Service Exposure
The endpoint exposes standard web services with SSH access:
| Port | Protocol | Service | Status |
|---|---|---|---|
| 80 | TCP | HTTP | Open |
| 443 | TCP | HTTPS | Open |
| 22 | TCP | SSH | Open (OpenSSH_9.2p1 Debian-2+deb12u9) |

- Server Stack: nginx (TLS 1.3, TLS_AES_256_GCM_SHA384 cipher suite)
- TLS Certificate: Sectigo Public Server Authentication CA DV R36, subject: *.cloudwaysapps.com
---
## DNS & Hostname Resolution
- PTR Hostname: 1610509.cloudwaysapps.com
- Forward Resolution: 1610509.cloudwaysapps.com
- Associated Domain: cloudwaysapps.com (Cloudways application hosting platform)
- Forward Confirmation: False
- Email Authentication: SPF/DMARC not configured
---
## Threat Indicators Assessment
- Known Campaigns: None
- Threat Feeds: None
- Blacklist Count: 0
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
- Abuse Confidence Score: Not applicable
- DNSBL Listed: 3 of 8 total lists (operator score: 0.1304 - Minimal)
---
## Network Neighborhood Analysis
Subnet: 104.236.69.0/24
- Abuse Density: 0%
- Classification: Clean
- Total Siblings: 1
- Active Siblings: 0
- Threat Siblings: 0

No neighboring IPs in the /24 subnet show threat indicators.
---
## Control Plane Stability
- BGP Prefix: 104.236.64.0/18
- Route Stability: False
- RPKI State: Not available
- IRR Consistency: Not available
- Route Changes (30d): 0
---
## Historical Observations
Signal history indicates stable infrastructure behavior:
- HTTP/2 responses with 144ms TTFB
- TLS 1.3 implementation with strong cipher suites
- No observed ownership changes
- No persistent malicious activity detected
- Consistent web server fingerprint (nginx)
---
## Relationship Graph
- Network Association: DIGITALOCEAN-104-236-0-0 (multiple entries)
- DNS Associations: 1610509.cloudwaysapps.com (6 associations)
---
## Recommended Actions
**Monitoring (High Priority)**
- Increase logging verbosity and review recent activity from this IP
- Monitor for behavioral changes given elevated risk score

**Firewall Rules (Prepared)**
```bash
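# iptables
iptables -A INPUT -s 104.236.69.29 -j DROP
# nftables (assumes an existing "inet filter" table with an "input" chain)
nft add rule inet filter input ip saddr 104.236.69.29 drop
# The entries below are configuration values for other platforms, not shell
# commands; they are kept as comments so this block stays valid shell.
# nginx (directive)
#   deny 104.236.69.29;
# pfSense (address entry)
#   104.236.69.29/32
# Cloudflare WAF (rule expression, action: Block)
#   ip.src eq 104.236.69.29
# AWS WAF (IP set entry)
#   Addresses: 104.236.69.29/32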
```
---
## Analyst Notes
**Key Observation:** Risk score of 55/100 is elevated but lacks corroborating threat indicators. The IP is associated with Cloudways hosting (a legitimate PaaS provider), and neighborhood analysis shows a clean subnet with no abuse density.

**Recommended Approach:** Maintain monitoring without immediate blocking. The elevated risk score may reflect general cloud infrastructure baseline risk rather than active malicious activity. Implement additional validation if threat intelligence correlates with known campaigns or if behavioral anomalies emerge.

**Action Priority:** Monitor (High). Block only if corroborated by additional threat signals.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | DigitalOcean, LLC |
| ASN | AS14061 |
| Network Name | DIGITALOCEAN-104-236-0-0 |
| CIDR Block | 104.236.0.0/16 |
| RIR | ARIN |
| Country | United States |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR | 1610509.cloudwaysapps.com |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | 1610509.cloudwaysapps.com |
## DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |
| 443 | https | tcp | - |
| 22 | ssh | tcp | |

| Attribute | Value |
|---|---|
| Closed Ports | 25, 3389, 8080, 8443 (3 open / 7 scanned) |
| Server | nginx |
| HTTP Title | - |
| SSH Version | SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u9 |
## TLS Certificate
| Attribute | Value |
|---|---|
| SANs | *.cloudwaysapps.com, cloudwaysapps.com |
| Valid From | 2026-03-24T00:00:00+00:00 |
| Valid Until | 2026-09-08T23:59:59+00:00 |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha256RSA |
| Validity Period | 168 days |
| Serial Number | 009B708F987840C872F8BA3107B1BE80B7 |
| Thumbprint | 6C279C136F317BAEDEEEEA2E6CD5AABC7627E2E2 |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 40% | 2 | 3 |
| routing | 17% | 1 | 1 |
| services | 35% | 2 | 3 |
| ownership | 35% | 2 | 3 |
| reputation | 32% | 1 | 3 |
| geolocation | 17% | 1 | 1 |
| Overall | 29% | 9 | 14 |

| Attribute | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Attribution Checks Evaluated | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
## Observation Timeline (Live)
| Attribute | Value |
|---|---|
| First Seen | 2026-06-09 14:17:04 UTC |
| Last Seen | 2026-06-21 16:11:21 UTC |
| Profile Built | 2026-06-21 16:14:04 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 24 |